SQL injection attacks up by 69%

(LiveHacking.Com) – FireHost, a secure cloud hosting company, are reporting that it has seen a 69% increase in SQL Injection attacks during the second quarter of 2012. During Q1 the company blocked some 277,000 attacks, but during Q2 that figure rose to nearly 500,000.

Most modern websites rely on a backend database to store the contents of the site and to power an authentication system. During an SQL injection attack the hacker tries to manipulate data entered into web forms to influence the SQL commands which are executed in the background. If the hacker gets it right, they can manipulate the site or circumvent user authentication. The danger comes when websites use the information entered into a web form without any validation or verification.

SQL injections have been associated with many high profile security breaches, particularly the attacks on Sony during 2011 and are thought to be the method used by hackers who recently stole passwords from LinkedIn, eHarmony and Yahoo!.

“Many, many sites have lost customer data in this way,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost. “SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk. These attacks can be detected and businesses should be taking basic and blanket steps to block attempted SQL Injection, as well as the other types of attacks we frequently see.”

FireHost has also seen an increase in Cross-site Scripting (XSS) attacks, Directory Traversals, and Cross-site Request Forgery (CSRF) attacks. Interestingly the majority of attacks came from within the United States (83%). Southern Asia came in second with 8%, while Europe was in third. FireHost also notes the rise in automated attacks launched by hackers. The warning is clear for every website owner and every security specialist.